Forum Discussion

Kno_96049's avatar
Kno_96049
Icon for Nimbostratus rankNimbostratus
Oct 16, 2014

Read SSL certificate from http header?

I am sending 2 SSL certs from my app to the load balancer

 

  1. The standard SSL cert
  2. A required client certificate I generated, and put the Authority on the F5

In the SSL profile, I enable "Client Authentication" and everything is happy.

 

However, I have a special case now where I want to send the client certificate to the F5 via a header parameter like:

 

xmlhttp.setRequestHeader('X-Client-Certificate', Certificate_In_Base64);

 

Does anyone know if it's possible for the F5 to accept SSL certificates (specifically the client cert) in a non-standard way like iRule that lets me read it from the http header?

 

Thanks!

 

  • You could potentially try to use the sideband feature to read the additional Cert. header from the request and then use it to validate against an external server endpoint, if that is a possibility.

     

    I didnt follow the part where you mention that there are 2 connections. If the 2nd cert is in the header, it is still part of the 1st connection, or am I misinterpreting your setup ?

     

  • Yes, it certainly sounds feasible to send the certificate in a header ( assuming it is not over the size limit ). Within an iRule you would use HTTP:header.

     

    What do you want to do with it once it has been sent?